
Previously on "Any web designers?"


  • xoggoth
    replied
    Too much pink will create impression it is a gay site.

    Leave a comment:


  • Clippy
    replied
    Cowboy Bob/realityhack/Sysman

    Appreciate the comments. I'm from an infrastructure background so the development arena is outside my field of knowledge.

    I'll take up your points with my developer.

    Final point, any suggestions on the best way to secure users' email addresses?

    Leave a comment:


  • Cowboy Bob
    replied
    Originally posted by Sysman
    One of my pals is running a PHP site for technical support, and making some wonga from advertising - i.e. not collecting payments via the site.

    His observations:

    New PHP attacks are coming all the time. Keep up to date with the security patches - this is a must.

    Watch out for bots trying to fill discussion sections with spam. He now insists on folks creating an account to avoid this.

    Lock up any customer data as tightly as you can. Don't let email addresses be harvested as you can be accused of selling them to "they who should be shot at dawn" (spammers).
    Couple of others:-

    Make sure passwords are stored in the DB as a one-way hash, then compare hashes when the user enters their password.

    Go through the code with a fine-tooth comb and change any straight DB calls to parameterised queries to avoid SQL injection - PHP tends to be wide open to this kind of attack since its DB handling facilities are pretty primitive by default. You may need a 3rd party library such as Pear DB in order to do this, not sure.

    Turn off "register globals" in the PHP config file. If the application breaks, go to the person who supplied it to you and demand your money back, with menaces if necessary.

    Leave a comment:
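The hashing and parameterised-query advice in the post above, as an added example that is not part of the original thread. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Names are hypothetical;
// SQLite in memory stands in for the site's MySQL database.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $db, string $email, string $password): void
{
    // One-way, salted hash; the plaintext password is never stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO users (email, pw_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

function login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched the email.
    if ($hash === false) {
        return false;
    }
    // Re-hashes the candidate with the stored salt and compares the hashes.
    return password_verify($password, $hash);
}

// Constructed sample account.
register($db, 'alice@example.test', 'correct horse battery staple');

// Correct password, wrong password, then an injection-style string as the email.
// The last one is bound as data, so it is only ever compared against the email column.
var_dump(login($db, 'alice@example.test', 'correct horse battery staple'));
var_dump(login($db, 'alice@example.test', 'wrong password'));
var_dump(login($db, "' OR '1'='1", 'anything'));
```

Values reach `register()` and `login()` only as explicit arguments, so the code does not depend on `register_globals` being on.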


  • Sysman
    replied
    Originally posted by Clippy
    And the same would go for collecting user data using PHP, right?
    e.g. Creating a user account for your website.
    One of my pals is running a PHP site for technical support, and making some wonga from advertising - i.e. not collecting payments via the site.

    His observations:

    New PHP attacks are coming all the time. Keep up to date with the security patches - this is a must.

    Watch out for bots trying to fill discussion sections with spam. He now insists on folks creating an account to avoid this.

    Lock up any customer data as tightly as you can. Don't let email addresses be harvested as you can be accused of selling them to "they who should be shot at dawn" (spammers).

    Leave a comment:


  • SpamMan
    replied
    Originally posted by RRH
    the site is currently free to use, I generate money through advertising - does anyone have any ideas/suggestions as to what features I should add when I revamp the site?
    A java game called lets throw bricks at jonno.

    Tips on male grooming.

    A section about coping with a lithp.

    Leave a comment:


  • HRH
    replied
    the site is currently free to use, I generate money through advertising - does anyone have any ideas/suggestions as to what features I should add when I revamp the site?

    Leave a comment:


  • Clippy
    replied
    Originally posted by Cowboy Bob
    If you're redirecting out to a service like Worldpay or PayPal you're fine because no payment details are taken on your site. I'd severely worry if your site is actually collecting any payment information through your PHP pages though. I personally wouldn't use it and I wouldn't recommend anyone else do so.
    And the same would go for collecting user data using PHP, right?
    e.g. Creating a user account for your website.

    Is the alternative to go for an ASP/SQL solution?

    Leave a comment:


  • realityhack
    replied
    Ditto - I'm currently using JSP to achieve the same result - but not capturing any data other than the quantity and amount - and sending those values through to a secure site verified by visa for the customer to do the rest. I wouldn't touch PHP for data capture.

    Leave a comment:


  • SpamMan
    replied
    Originally posted by RRH
    Also any suggestions on how to improve the site much appreciated.
    Delete the site and sell the domain name.

    You obviously are useleth.

    Leave a comment:


  • Cowboy Bob
    replied
    Originally posted by Clippy
    CB - Presumably, if you are going to use a third party to take payment and capture the user's order details, this is not so much of an issue?

    Reason I ask, is Plan B (which I have inherited and due to go live in the coming weeks) is built using PHP and MySQL.
    If you're redirecting out to a service like Worldpay or PayPal you're fine because no payment details are taken on your site. I'd severely worry if your site is actually collecting any payment information through your PHP pages though. I personally wouldn't use it and I wouldn't recommend anyone else do so.

    Leave a comment:


  • Clippy
    replied
    Originally posted by Cowboy Bob
    You're also using PHP, which while fine for more modest things doesn't really scale well (you can't cluster it) and is not really secure enough if you're going to take money on the site - http://www.php-security.org/
    CB - Presumably, if you are going to use a third party to take payment and capture the user's order details, this is not so much of an issue?

    Reason I ask, is Plan B (which I have inherited and due to go live in the coming weeks) is built using PHP and MySQL.

    Leave a comment:


  • Cowboy Bob
    replied
    You're also using PHP, which while fine for more modest things doesn't really scale well (you can't cluster it) and is not really secure enough if you're going to take money on the site - http://www.php-security.org/

    Leave a comment:


  • realityhack
    replied
    Yikes.

    Your images are too heavy - the site is very slow because of this:
    http://www.websiteoptimization.com/s...k/db/index.php

    I'd redo most of the graphics, align them properly along with your navigation, and use a more neutral background colour. My eyes hurt.

    As for the markup - use css layout instead of tables please.

    Leave a comment:


  • Kyajae
    replied
    Originally posted by RRH
    Are there any web designers on here who want to help with some modifications on my website? www.datemymates.co.uk

    I'm looking at making the site a bit more 'datey' and less on the social networking side. I think the idea of group dating is a good one as it improves safety, has less of a stigma and is less nerve-racking!

    anyone interested?

    Also any suggestions on how to improve the site much appreciated.
    you could rename the site findashag.com

    Leave a comment:


  • HRH
    started a topic Any web designers?

    Any web designers?

    Are there any web designers on here who want to help with some modifications on my website? www.datemymates.co.uk

    I'm looking at making the site a bit more 'datey' and less on the social networking side. I think the idea of group dating is a good one as it improves safety, has less of a stigma and is less nerve-racking!

    anyone interested?

    Also any suggestions on how to improve the site much appreciated.
